On 5/11/06, Jim Bauer <jfbauer@xxxxxxx> wrote:
Dang wrote:
> Hi,
> I have an requirement of logging program's name with time stamp on
> its exit. My preference would be to trap in kernel. Can't change
> source code, I have to achieve it using modules.
Have you looked at the process accounting code already in the kernel?
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
Hi Jim, thanks a lot for your reply. Yes, I looked up the BSD
accounting code in the linux kernel and I have few observation:
There are two places where in we need to hook. One is the system call
acct() and other f_op->write(). This will solve most of the issues but
one.
How to check if accounting is already enabled before my module is loaded?
This is required becaue in overloaded f_op->write() there will be a check
if (I started the accounting)
{
decode_accounting_data(data);
do_not_write_to_accounting_file;
}
else
{
invoke_original_f_op->write();
}
I think this should solve most of the issues.
--
Regards,
Dang
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
